Security Bulletin: IBM Maximo Asset Management - There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application (CVE-2024-29203)

Summary There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2024-29203 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the iframe elements. A remote...

Security Bulletin: Maximo Asset Management - There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application (CVE-2024-29881)

Summary There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application. CVE-2024-29881. Vulnerability Details CVEID:CVE-2024-29881 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the external SVG...

CVE-2023-48219

Summary of CVE-2023-48219 (TinyMCE): A mutation XSS (mXSS) flaw in TinyMCE’s core undo/redo and related APIs/plugins arises from text nodes in certain parents not being escaped during serialization per HTML standards. If a text node contains a special internal marker, it can combine with other HT...